The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Jan Tomasek <jan.tomasek AT cesnet.cz>]

Hello,

I wanted to use CAT as entry point for testing our cesnet.eu domain. But 
despite what I write as inner user name, it forces cesnet.eu. Logs on 
our RADIUS server:

Fri Oct 26 15:11:11 2018: DEBUG: EAP TTLS inner authentication request 
for semik AT cesnet.eu
Fri Oct 26 15:11:11 2018: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <8><207><254>IC|<249><160><10><208><133><205>Vz<209>L
Attributes:
        User-Name = "semik AT cesnet.eu"
        MS-CHAP-Challenge = <162>4X`<194>K:N<9><251>:<197>Qwp<133>
        MS-CHAP2-Response = 
w<0><15>lcA<191><231>R3x.<172>H<226>#<168>s<0><0><0><0><0><0><0><0><188>E<154><201><19><8><229>:<169><186><178><132><182>AH<213><191>w<218>r<137>)\<186>


Fri Oct 26 15:11:11 2018: DEBUG: User semik AT cesnet.cz/semik AT cesnet.eu is 
trying cheat.

That debug message is thrown by code comparing inner EAP identity 
(first) and external identity (second).


I'm not sure if this is a bug or intentional feature. I want just to 
inform if it is a bug.

Best regards
--
--------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://staff.cesnet.cz/~semik/        Zikova 4, 160 00 Praha 6
                                      Czech Republic
phone: +420 234 680 279               http://www.cesnet.cz/

Attachment: cat2.png
Description: PNG image

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature